Collusion-resistant watermarking and fingerprinting

ABSTRACT

An implementation of a technology is described herein that facilitates rights enforcement of digital goods using watermarks. More particularly, it is a fingerprinting technology for protecting digital goods by detecting collusion as a malicious attack and identifying the participating colluders. If a digital pirate breaks one client and enables this client to avoid watermark detection, all content (both marked/protected an unmarked/free) can be played as unmarked only on that particular client. However, to enable other clients to play content as unmarked, the digital pirate needs to collude the extracted detection keys from many clients in order to create content that can evade watermark detection on all clients. The described implementation significantly improves collusion resistance through a fingerprinting mechanism that can identify the members of a malicious coalition even when their numbers are several orders of magnitude greater than what conventional collusion-protection schemes can accomplish. However, in this scenario each member of the malicious coalition leaves a fingerprint in every digital good from which the estimated watermark is subtracted. Thus, like a burglar without gloves, the digital pirate leaves her fingerprints only when she commits a crime. This abstract itself is not intended to limit the scope of this patent. The scope of the present invention is pointed out in the appending claims.

RELATED APPLICATIONS

This application is a continuation of and claims priority to U.S. patentapplication Ser. No. 09/841,159, filed Apr. 23, 2001, now U.S. Pat. No.7,047,413, the disclosure of which is incorporated by reference herein.

TECHNICAL FIELD

This invention generally relates to a technology facilitating rightsenforcement of digital goods using watermarks. This invention furthergenerally relates to a fingerprinting technology for protecting digitalgoods by detecting collusion as a malicious attack and identifying theparticipating colluders.

BACKGROUND

“Digital goods” is a generic label for electronically stored ortransmitted content. Examples of digital goods include images, audioclips, video, multimedia, software, and data. Digital goods may also becalled a “digital signal,” “content signal,” “digital bitstream,” “mediasignal,” “digital object,” “object,” and the like.

Digital goods are often distributed to consumers over private and publicnetworks—such as Intranets and the Internet. In addition, these goodsare distributed to consumers via fixed computer readable media, such asa compact disc (CD-ROM), digital versatile disc (DVD), soft magneticdiskette, or hard magnetic disk (e.g., a preloaded hard drive).

Unfortunately, it is relatively easy for a person to pirate the pristinedigital content of a digital good at the expense and harm of the contentowners—which includes the content author, publisher, developer,distributor, etc. The content-based industries (e.g., entertainment,music, film, etc.) that produce and distribute content are plagued bylost revenues due to digital piracy.

Modem digital pirates effectively rob content owners of their lawfulcompensation. Unless technology provides a mechanism to protect therights of content owners, the creative community and culture will beimpoverished.

Watermarking

Watermarking is one of the most promising techniques for protecting thecontent owner's rights of a digital good. Generally, watermarking is aprocess of altering the digital good such that its perceptualcharacteristics are preserved. More specifically, a “watermark” is apattern of bits inserted into a digital good that may be used toidentify the content owners and/or the protected rights.

Generally, watermarks are designed to be completely invisible or, moreprecisely, to be imperceptible to humans and statistical analysis tools.

A watermark embedder (i.e., encoder) is used to embed a watermark into adigital good. A watermark detector is used to extract the watermark fromthe watermarked digital good. Watermark detection is performed inreal-time even on small devices.

Those of ordinary skill in the art are familiar with conventionaltechniques and technology associated with watermarks, watermarkembedding, and watermark detecting.

Watermarks have limitations. They may be used to designate a digitalgood as protected and, perhaps, to indicate that a license is necessaryto legally use the digital good. However, since watermarks are identicalin all copies of a digital good, a digital pirate can reproduce theoriginal content of a marked copy by breaking the watermark at a singlewatermark detector, for example by extracting the detection key andusing it to find the watermark and remove it or jam it.

Therefore, others may use the original content without the watermark;thus, without the content owner receiving the appropriate compensation.This is generally called “break once run everywhere” or BORE.

Furthermore, to individualize a particular copy of a digital good (or aparticular system that will use that good) with watermarks, we need toaugment it with a technology called “fingerprinting”.

Conventional Fingerprinting

Conventional fingerprinting (i.e., “classic fingerprinting”) refers totechniques that involve uniquely marking each copy of a particulardigital good, and associating each uniquely marked copy with a “classicfingerprint.” That classic fingerprint is associated with or assigned toa particular entity (e.g., person, business, media player, or smartcard) to which the copy is distributed.

If unauthorized copies of the uniquely marked copy are made, thefingerprint can be traced back to the original entity to which the copywas initially distributed. In other words, classic fingerprintingtechnology may be used to trace piracy to its origin.

As an example, consider a printed map. When a mapmaker produces a map,they may want to ensure that those individuals to whom the map isdistributed do not make unauthorized copies of the map and distributethem to others. One way that the mapmaker might protect his maps is tointroduce a different trivial error (e.g., a non-existent street) intoeach of the copies of the map that are distributed. Those differenttrivial errors are fingerprints. Each fingerprint is then associatedwith an individual to whom the map is distributed. By associating eachdifferent fingerprint with a different individual, if and whenunauthorized copies of that individual's copy are uncovered, they can betraced back to the original individual by virtue of the uniquefingerprint that the map contains.

Using embedding methods similar (but not identical) to watermarking, thefingerprint is embedded into a digital good. If we want to achieve bothprevention and “after the fact” tracing, a combination of thefingerprint and watermark are embedded into a digital good.

Very powerful machines that can devote significant resources to theprocess of detecting a fingerprint typically perform fingerprintdetection. If necessary, a fingerprint detector can have access to theoriginal unmarked digital good, using it to improve the likelihood ofsuccess in detecting the fingerprints—even from content modified bymalicious attacks.

Classic Fingerprint=Unique Entity Identifier (UEid)

Although the term “fingerprint” is commonly understood by those ofordinary skill in the art, the terms “classic fingerprint” or “uniqueentity identifier” (UEid) may be used hereinafter to refer to thisconventional technology (and its unique marks). This is done to avoidconfusion with the use, herein, of “fingerprinting” in the othersections of this document (i.e., sections other than the “Background”section). In those other sections, the term “fingerprinting” may referto a similar, but distinctly different technology.

Collusion

One problem with fingerprinting can arise when two or more entitiescollude. Their purpose for doing this may be to discover, modify, orremove their fingerprints and/or the embedded watermark. Those thatattempt to collude are called “colluders.” A group of colluders whoattempt to collude are part of a “collusion clique.”

Returning to the map example for illustration, collusion occurs when twoor more individuals get together and compare their maps. They can, givenenough time, ascertain their unique fingerprints by simply looking forthe differences between their maps. If they can ascertain theirfingerprint, they can alter it and therefore possibly avoid detection.

With the advent of the Internet and electronic distribution,fingerprinting digital goods for purposes of detecting or deterringunauthorized copying has become particularly important. As in the abovemap example, collusion by different individuals in the digital contextcan pose challenges to the owners and distributors of digital goods.

Conventional Fingerprinting/Watermarking Systems with CollusionResistance

Existing conventional fingerprinting/watermarking systems have somecapability for collusion detection. However, the protection offered bythese systems is limited.

For example, Ergun et al. have proved that no conventionalfingerprinting system can have a better asymptoticalcollusion-resistance than: O((N/log(N))^(1/2))— where O indicates “orderof magnitude” and N is the size of the marked digital good. For example,the best fingerprinting system today, “the Improved Boneh Shaw System”achieves for a typical two hour movie a collusion resistance of only 40users. This system, just as the original “Boneh Shaw FingeprintingSystem” has collusion resistance in the order of O(N^(1/4)).

The derivation of the upper bound on fingerprinting mechanisms by Ergunet al. considers embedding distinct fingerprints per copy of a digitalgood and models collusion attacks as averaging of copies with additivenoise. Aspects of their work are described in an article entitled “ANote on the Limits of Collusion-Resistant Watermarks,” authored byErgun, Kilian, and Kumar, appearing in Proc. Eurocrypt, 1999.

For example, another conventional fingerprinting system (the“Boneh-Shaw, or B-S system”) defines a lower bound oncollusion-resistant fingerprinting: O(N^(1/4)). Assuming that the markeddigital good is a typical music clip, the lower bound of the number ofcolluders necessary to thwart this conventional system is in theneighborhood of 4. The B-S system is a fingerprinting system thatattempts to overcome the problem of collusion when fingerprintingdigital goods. Aspects of the B-S system are described in an articleentitled “Collusion-Secure Fingerprinting for Digital Data” authored byBoneh and Shaw, appearing in IEEE Transactions on Information Theory,Vol. 44, No. 5, September 1998.

Those of ordinary skill in the art are familiar with conventionaltechniques and technology associated with classic fingerprinting,classic fingerprinting embedding, and classic fingerprinting detecting.

Although the conventional fingerprinting systems provide some protectionagainst collusion, that protection is only effective when the number ofcolluders is relatively small. Consequently, the confidence level that amarked digital good is free from the effects of collusion is not high.

Accordingly, there is a need for a new watermarking/fingerprintingtechnology that is more collusion resistant. A new technology is neededthat increases the protection that is provided by fingerprinting (andwatermarking) to detect colluders even when their numbers are large. Ifthat numbers is several orders of magnitude greater than theconventional, then the confidence level—that a marked digital good isfree from the effects of collusion—would be very high indeed.

Moreover, there needs to be a more effective technique to identify thata digital good has had its mark removed and who removed that mark. Thatway, piracy crimes can be more effectively investigated.

SUMMARY

Described herein is a technology facilitating rights enforcement ofdigital goods using watermarks. Also described herein is afingerprinting technology for protecting digital goods by detectingcollusion as a malicious attack and identifying the participatingcolluders. With this technology, digital goods are protected by amechanism that detects collusion and colluders. In other words, withthis technology, digital goods are protected by identifying that adigital good has had its mark removed and who removed that mark. Thatway, piracy crimes can be more effectively investigated.

At least one implementation of the technology, described herein, ischaracterized by limited BORE-resistance at the protocol level. (BORE is“break once, run everywhere.”) If a digital pirate breaks one client andenables this client to avoid watermark detection, all content (bothmarked/protected an unmarked/free) can be played as unmarked only onthat particular client. However, to enable other clients to play contentas unmarked, the digital pirate needs to collude the extracted detectionkeys from many clients in order to create content that can evadewatermark detection on all clients.

At least one implementation, described herein, significantly improvescollusion resistance through a fingerprinting mechanism that canidentify the members of a malicious coalition even when their numbersare several orders of magnitude greater than what conventionalcollusion-protection schemes can accomplish. Consequently, theconfidence level—that a marked digital good is free from the effects ofcollusion—may be very high indeed. Each watermark detection key isdistinct for all clients and thus contains a fingerprint associated withits corresponding client. The adversary coalition colludes their keys tocreate the optimal estimate of the embedding watermark. However, in thisscenario each member of the malicious coalition leaves a fingerprint inevery digital good from which the estimated watermark is subtracted

Since, with this technology, a watermark detector uses its assigned“fingerprint” (as part of the secret detection key) to detect awatermark embedded in a digital good, an digital pirate (or group ofsuch pirates) leaves her “fingerprint” when she removes (or modifies)the embedded watermark. Thus, like a burglar without gloves, the digitalpirate leaves her fingerprints when she commits a crime.

Unlike conventional fingerprinting technologies, the technologydescribed herein does not mark each copy of the content individually.The pirate marks the content when committing the crime.

This summary itself is not intended to limit the scope of this patent.Moreover, the title of this patent is not intended to limit the scope ofthis patent. For a better understanding of the present invention, pleasesee the following detailed description and appending claims, taken inconjunction with the accompanying drawings. The scope of the presentinvention is pointed out in the appending claims.

BRIEF DESCRIPTION OF THE DRAWINGS

The same numbers are used throughout the drawings to reference likeelements and features.

FIG. 1 is a schematic block diagram showing an architecture inaccordance with an implementation of the invention herein andrepresentation of an attack on a digital good.

FIG. 2 is a flow diagram showing an illustrative methodologicalimplementation (e.g., an embedding implementation) of the inventionherein.

FIG. 3 is a flow diagram showing an illustrative methodologicalimplementation (e.g., a detection implementation) of the inventionherein.

FIG. 4 is a flow diagram showing an illustrative methodologicalimplementation (e.g., a fingerprint detection implementation) of theinvention herein.

FIG. 5 is an example of a computing operating environment capable ofimplementing an implementation (wholly or partially) of the inventionherein.

DETAILED DESCRIPTION

In the following description, for purposes of explanation, specificnumbers, materials and configurations are set forth in order to providea thorough understanding of the present invention. However, it will beapparent to one skilled in the art that the present invention may bepracticed without the specific exemplary details. In other instances,well-known features are omitted or simplified to clarify the descriptionof the exemplary implementations of present invention, thereby betterexplain the present invention. Furthermore, for ease of understanding,certain method steps are delineated as separate steps; however, theseseparately delineated steps should not be construed as necessarily orderdependent in their performance.

The following description sets forth one or more exemplaryimplementations of Collusion-Resistant Watermarking and Fingerprintingthat incorporate elements recited in the appended claims. Theseimplementations are described with specificity in order to meetstatutory written description, enablement, and best-mode requirements.However, the description itself is not intended to limit the scope ofthis patent.

The inventors intend these exemplary implementations to be examples. Theinventors do not intend these exemplary implementations to limit thescope of the present invention. Rather, the inventors have contemplatedthat the present invention might also be embodied and implemented inother ways, in conjunction with other present or future technologies.

An example of an embodiment of Collusion-Resistant Watermarking andFingerprinting may be referred to as an “exemplary collusion resister.”

Incorporation by Reference

The following co-pending patent applications are incorporated byreference herein:

-   -   U.S. patent application Ser. No. 09/437,713, entitled “Methods        and Systems for Fingerprinting Digital Data” filed on Oct. 28,        1999, and assigned to the Microsoft Corporation;    -   U.S. patent application Ser. No. 09/316,899, entitled “Audio        Watermarking with Dual Watermarks” filed on May 22, 1999,        assigned to the Microsoft Corporation; and    -   U.S. patent application Ser. No. 09/614,660, entitled “Improved        Stealthy Audio Watermarking” filed on Jul. 12, 2000, assigned to        the Microsoft Corporation.        Introduction

The one or more exemplary implementations, described herein, of thepresent invention may be implemented (in whole or in part) by acollusion-resistant architecture 100 and/or by a computing environmentlike that shown in FIG. 5.

One problem with fingerprinting can arise when two or more entitiescollude. Their purpose for doing this may be to discover, modify, orremove their fingerprints and/or the embedded watermark. Those thatattempt to collude are called “colluders.” A group of colluders iscalled a “collusion clique.”

The exemplary collusion resister is generally BORE-resistant at theprotocol level. (BORE is “break once, run everywhere.”) By breaking asingle client (i.e., detection entity), the digital pirate can playcontent as non-marked on that broken client, but needs to collude withothers (other clients or other pirates who have broken into clients) tofinally create content that can evade watermark detection on allclients. The exemplary collusion resister significantly improvescollusion resistance through a fingerprinting mechanism that canidentify the members of a collusion clique if its cardinality (i.e.,number of members) is smaller than a relatively large lower bound. Thatrelatively large lower bound is several orders of magnitude greater thanthe best that can be achieved by conventional systems.

Although the term “fingerprint” is commonly understood by those ofordinary skill in the art, the terms “classic fingerprint” or “uniqueentity identifier” (UEid) may be used hereinafter to refer to thisconventional technology (and its unique marks). This is done to avoidconfusion with the use, herein, of “fingerprinting” in the descriptionsof one or more implementations of the present invention. In thosedescriptions, the term “fingerprinting” may refer to a similar, butdistinctly different technology. More specifically, the fingerprint ofthose descriptions operates in a manner that is more analogous to themetaphor of forensic investigation. It is more like gathering evidencefor a crime scene investigation. More specifically, it is more likegathering fingerprints to help identify and catch a criminal.

Overview

One or more implementation of the exemplary collusion resister,described herein, limits the scope of possible collusion attacks, whencompared to classic fingerprinting systems. Under optimal attacks, thesize of the collusion necessary to remove the marks without leaving adetectable fingerprint is asymptotically K˜O(N) without segmentation,and κ_(s)˜O(N log(N)) with segmentation (where N denotes object size, Kis collusion resistance per segment, and κ_(s) is the cumulativecollusion resistance across segments).

Classic fingerprinting has a lower bound on collusion resistance that isroughly O(N^(1/4)). Thus, by using the exemplary collusion resister, onecan achieve content protection with collusion resistance of up to100,000 users for a two-hour high-definition video, for example.

Generally, the exemplary collusion resister is part of a combinedwatermarking/fingerprinting (“WM/FP”) technology for dramaticallyimproved collusion resistance. The improvement in collusion resistanceis by several orders of magnitude over the conventional. With theconventional approaches, it may require, for example, a handful to a fewdozen colluders to effectively remove the watermark without detection.With the exemplary collusion resister, it may require, for example, ahundred thousand (100,000) colluders to effectively remove the watermarkwithout detection.

Unlike conventional fingerprinting, the fingerprints are not embedded inthe digital good in at least one implementation of the exemplarycollusion resister. Rather, they are assigned to (or associated with) a“client.” A client may be called a “detection entity” because it is anentity that may detect a watermark. Examples of a detection entityinclude a person, company, or other business entity. Alternatively, a“detection entity” may be a specific copy of an application (e.g., amedia player), a hardware devices, or some combination. Morespecifically, the fingerprints are assigned to a watermark detector(WMD). In that implementation, the watermark detector uses its assigneda secret detection key—that key includes the fingerprint used to detectthe watermark. The detection key is different from the embedding key. Bygaining the knowledge of a small number of detection keys (throughcollusion or other means), a pirate cannot remove the marks from theprotected digital good.

Herein, it is assumed that the watermarking is robust againstsignal-processing attacks on the protected digital good. The exemplarycollusion resister focuses on resisting collusion attacks against thedetection keys. With the exemplary collusion resister, a pirate who hasaccess to one detection key may be able to fool the watermark detectorthat corresponds to that one detection key, but cannot fool otherdetectors. In addition, in that process, the pirate necessarily insertsa fingerprint in the modified digital good.

Since the detector uses its fingerprint (as part of the detection key)to detect a watermark, an attacker (or group of such attackers) leavesher fingerprint when she removes (or modifies) the watermark. Thus, likea burglar without gloves, an attacker leaves fingerprints when shecommits a crime. This also is unlike conventional fingerprinting.

With at least one implementation of the exemplary collusion resister,without segmentation the minimum collusion size (K) grows linearly withthe size (N) of the marked digital good.

With at least one implementation of the exemplary collusion resister, amarked digital good is partitioned into segments. Each segment is markedwith a different watermark. There are S segments. The watermark of eachsegment is associated with a single fingerprint (or alternatively asmall plurality of fingerprints). Consequently, the watermark of eachsegment may only be detected by a single detector (or alternatively asmall plurality of detectors) using its detection key. This segmentationis unlike conventional fingerprinting.

Only colluders with detection keys that belong to the same segment canparticipate in a collusion clique on that segment. Colluders with keysbelong to differing segments will be of no benefit to each other (unlikein conventional FP). With segmentation, the minimum collusion size Kgrows as O(N log N), where N is object size.

Therefore, with or without segmentation, the exemplary collusionresister significantly improves on the best conventional asymptoticresistance to fingerprint collusion attacks of O(N^(1/4)) of the B-Ssystem (see the Background section).

In at least one implementation of the exemplary collusion resister, thedetection keys used to detect the watermarks are potentially, relativelylarge. Although the key size is relatively small with respect to theentire bulk of the digital good (which can reach up to 1-2 terabytes forraw uncompressed high definition video), the size of the detection keycan still be inconveniently large especially for small embedded devices(approximately in the range of 1 KB). Therefore, the fingerprint iscompressed in a sense. More specifically, smaller detection keys aregenerated during the detection key creation that approximately butcorrectly correlates with a specific embedded watermark.

Traditional Spread-Spectrum Watermarking

A media signal (i.e., a digital good) to be watermarked x ∈ R^(N) can bemodeled as a random vector, where each element of x is a normal randomvariable with standard deviation A (i.e., x_(j)˜

(0, A)). For example, for audio signals A ranges typically within A∈{5,15}, after necessary media preprocessing steps. A “watermark key” wis defined as a spread-spectrum sequence vector w ∈(±1}^(N), where eachelement w_(j) is usually called a “chip.” The marked signal y is createdby vector addition y=x+w.

Let w·v denote the normalized inner product of vectors w and v (i.e. w·v≡N⁻¹Σw_(j)v_(j), with w²≡w·w. For example, for w as defined above wehave w²=1. We assume that the client (e.g., a media player) contains awatermark (WM) detector that receives a modified version ŷ of thewatermarked signal y. The WM detector performs a correlation (or matchedfilter) test d_(w)=ŷ·w, and decides that the watermark is present ifd_(w)>δ_(w), where δ_(w) is the detection threshold that controls thetradeoff between the probabilities of false positive and false negativedecisions.

Under no malicious attacks or other signal modifications (i.e. ŷ=y), ifthe signal y has been marked, then d_(w)=1+g_(w), where the “detectionnoise” g_(w) is a normal zero-mean random variable with variance σ²_(g)w=A²/N. Otherwise, the correlation test yields d_(w)=0+g_(w). Forequal probabilities of false positives and false negatives, we shouldset δ_(w)=½. For robustness against attacks, the signal domain x areappropriately chosen, and some small modifications on the watermarkpattern may be necessary.

For the purpose of describing implementations of the present invention,it is assumed that such precautions have been taken care of in thedesign of the WM detector, so such attacks are disregarded. For anoverview of techniques that use this paradigm for hiding data in audio,images, and video, see “Information Hiding Techniques for Steganographyand Digital Watermarking,” Katzenbeisser and Petitcolas, Eds., Boston,Mass.: Artech House 2000.

Traditional spread-spectrum watermarking systems detect watermarks usinga key w that is in essence a secret watermarking key (SWK). Typically,in many rights enforcement schemes, the watermark detection is done atthe client (e.g., a media player), which must then have access to theSWK. An adversary (e.g., a digital pirate) can thus recreate theoriginal content if they succeed in obtaining the SWK. For example, if apirate breaking into a detector, she may recover/discover the SWK. Armedwith this information, the digital pirate may recreate the originaldigital good which is not protected and thus, can be used anddistributed as “free unprotected” content.

Exemplary Collusion-Resistant Architecture

In the exemplary collusion resister, the watermark detection key (WDK)is different from the secret watermarking key (SWK) of traditionalwatermarking. Consequently, breaking into a single detector does notprovide the pirate enough information to remove the watermark w.

FIG. 1 illustrates the collusion-resistant architecture 100. Thearchitecture includes a key generations entity 110, marker 120,fingerprint detector 130, and watermark detector 140. Although FIG. 1also shows an attacker 150, the attacker, of course, is not part of thearchitecture. However, their actions are anticipated by thisarchitecture.

FIG. 1 illustrates the key generation entity 110. It includes apseudorandom key generator (PRKG) 112 for pseudorandomly generating theSWK w. This SWK w is combined (at 122) with the media signal x (i.e.,the digital good) by the marker to produce the marked signal y (i.e.,marked digital good). This marked signal y is publicly distributed bythe content owners. To this extent, the media signal x (in FIG. 1, x isinput into marker 120) may be watermarked in much the same manner as intraditional spread-spectrum watermarking.

However, in addition to generating the watermark, the key generationentity 100 generates an individualized “watermark carrier” (c_(i)) foreach detector i (alternatively, for each client i). More specifically, apseudorandom key generator (PRKG) 114 generates c_(i). That watermarkcarrier c_(i) is combined (at 116) with the SWK w to produce anindividualized watermark detection key (WDK h_(i)).

Thus, for each watermark detector i (for example, the watermark detector140 of FIG. 1), an individualized watermark detection key (WDK h_(i)) iscreated. That individualized key (h_(i)) is created from the SWK w. Anexample of a manner in which h_(i) is created from the SWK w is asfollows:

-   -   Let C={c_(ij)} denote an m×N matrix, where c_(ij)∈R, c_(ij)˜        (0, B)). In other words, each entry is a zero-mean normal random        variable with standard deviation σ_(c)=B.    -   Each row i contains a “watermark carrier,” denoted by c_(i). The        ith WDK is defined as h_(i)=w+c_(i).

The purpose of the watermark carrier (c_(i)) is to hide the SWK w inh_(i) so that knowledge of h_(i) does not imply knowledge of w, as longas B is large enough. In other words, no detector contains the SWK w,but rather a modified version of it. No conventional technique doesthis.

The key generation entity 110 produces at least two “keys,” and theyinclude SWK w and h_(i).

Because the watermark detectors use correlation-based watermarkdetection, they can still detect the watermark in a marked content y, aslong as the number of chips N is large enough to attenuate the noiseintroduced by the watermark carriers c_(i).

The watermark detection process (by, for example, that watermarkdetector 140 of FIG. 1) is carried out by correlating the receivedsignal ŷ (which may be modified) with h_(i). This h_(i) (being used bythis detector) is the individualized WDK assigned to the detector doingthe detection. More generally, the individualized WDK is assigned to a“client,” which is a person, company, or other business entity.Alternatively, a “client” may be a specific copy of an application(e.g., a media player).

The watermark detector generates a detector output d_(W)=ŷ·h_(i). Thisis labeled “mark present/absent decision” in FIG. 1. Similar totraditional spread-spectrum watermarking, if ŷ was marked, thend_(W)=1+g_(W); otherwise d_(W)=0+g_(W). The difference is that now g_(W)is a function of both the media x and the watermark carrier c_(i). Ifthere are no attacks (i.e., ŷ=y) then:d _(W) =y·h _(i)=(x+w)·(w+c _(i))=1+g _(W), whereg _(W) =x·(w+c _(i))+w·c _(i)from which is computed the detection noise variance as σ²_(gW)=(A²+B2+A²B²)/N.

FIG. 1 shows the watermark detector (WMD) 140. As described above, theWMD 140 correlates (with a correlation detector 142) a potentiallymarked signal ŷ with individualized WDK h_(i) (i.e., d_(W)=ŷ·h_(i)).Again, that individualized WDK h_(i) is specifically associated with theWMD 140. More particularly, it may be associated with a client.

The WMD 140 decides that the content of the potentially modified digitalgood is marked if d_(W)>δ_(W). The probability of false positives (i.e.,identifying an unmarked content as marked) is denoted as ε₁, whichshould be very small. (e.g., ε₁=10⁻⁹).

FIG. 1 shows the attacker 150. Although this illustrates only oneattacker, it represents one or more attackers with many individualizedWDKs. In other words, this attacker engages in a collusion attack.Regardless, the attacker—whether alone or working with others—isconsidered a colluder, herein, because it is a collusion attack usingmultiple WDKs.

The attacker 150 breaks into K clients. This may be accomplished byphysically breaking into the client's machines (e.g., code debugging,reverse engineering, etc.) or by using a sensitivity attack. Once in,the attacker 150 extracts their individualized WDKs {h_(i), i=1, . . .K}. The attacker creates an attack vector v as an optimal estimate ofthe SWK w given the collusion set {h_(i), i=1, . . . K}. This estimateis the product of an optimal mark estimator 152 of the attacker 150.Furthermore, the attacker creates (with a signal combiner 154) anattacked signal ŷ=y−v. The closer v estimates w, the more that attackerwill “clean” the watermark in generating ŷ.

The symbol ε₂ will denote the probability that a watermark chip isincorrectly estimated by the attacker (i.e., e₂=Pr[v_(j)≠w_(j)]). Theattacker aims at forcing ε₂ as small as possible. In the exemplarycollusion resister, the system parameters are designed such that ε₂ isas close to ½ as possible.

FIG. 1 shows the fingerprint detector (FPD) 130. It recovers the attackvector v from an attacked content ŷ and the originally marked content yby v=ŷ−y. Unlike the WMD (like WMD 140), the FPD 130 has access to thewatermark carrier matrix C. Thus, the FPD 130 correlates v (with acorrelation detector 132) with a suspect watermark carrier c_(i) (i.e.,it computes d_(F)=v·c_(i)) and decides that the ith client is part ofthe collusion if d_(F)>δ_(F) (i.e., δ_(F) is the FPD threshold).Compared to the WMD, the FPD has less noise in the correlated vectors,and thus the FPD collusion resistance is much higher than that of theWMD.

The symbol ε₃ will denote the probability of false positives in the FPD(i.e., incriminating a client that was not in the collusion set).Therefore, ε₃ should be very small.

Collusion Attacks on Detection Keys

Consider a collusion clique of size K that acquired K different WDKsh_(i) (possibly, by breaking into K clients and extracting the WDKs).This collusion clique may include only one attacker with K differentWDKs. Alternatively, it may include multiple attackers with K differentWDKs

For the purpose of describing collusion attacks, an optimal attack isbased on that set of keys {h_(i), i=1, . . . K}. Without loss ofgenerality, it is assumed that those extracted WDKs (with indices 1 toK) are the ones in the collusion.

The Optimal Attack

The attacker's goal is to estimate the SWK key w by an attack vector v,so that the modified signal ŷ=y−v will not show significant correlationwith any watermark detector j (i.e., ever for j>K). The best job thatattacker can possibly perform is given by v=sign(Σ_(i=1) ^(K)h_(i)).

WMD Performance

Given the optimal attack above, the average estimation error in theattack vector (ε₂=Pr[v_(j)≠w_(j)]) may be computed, for a collusion ofsize K, by:

$\begin{matrix}{ɛ_{2} = {{\frac{1}{2}{{erfc}\left( \frac{\sqrt{K}}{B\sqrt{2}} \right)}} < {\frac{1}{2}{\exp\left( {- \frac{K}{2B^{2}}} \right)}}}} & (1)\end{matrix}$

Given ε₂, the efficiency of a subtraction attack (ŷ=y−v) may beevaluated for the optimal attack vector v. SinceE[v·w]=Pr[v_(j)=w_(j)]−Pr[v_(j)≠w_(j)]=1−2ε₂, one can see that afterattack the expected output of the watermark correlation detector dropsto E[d_(w)]=2ε₂. The attacker may attempt a stronger subtraction attack,of the form ŷ=y−βv, with β>1, because that would bring the watermarkdetector output further down to E[d_(w)]=2βε₂−(β−1). As long as β is nottoo large, the attacked content ŷ may be acceptable to users.

Collusion Size

In order to reduce the correlation value to E[d_(w)]=θ, where θ istypically much smaller than δ_(W), the adversary (i.e., digital pirate,attacker, etc.) needs to collude K WDKs, with

$\begin{matrix}{K = {2{B^{2}\left\lbrack {{erf}^{- 1}\mspace{11mu}\left( \frac{1 - \theta}{\beta} \right)} \right\rbrack}^{2}}} & (2)\end{matrix}$

To make the attacker's job more difficult, the parameter B is increasedsince K grows with B². B is the standard deviation of the watermarkcarrier c. In doing so, however, the detection noise variance isincreased. The detection noise variance is σ² _(gW)=(A²+B2+A²B²)/N,where A is the standard deviation of the original content x and N is thesize of the digital good. For a given σ² _(gW), we can determine thatthe probability of false positives ε₁=Pr[d_(W)>δ_(W)| object is notmarked] by:

$\begin{matrix}{ɛ_{1} = {{\frac{1}{2}{erfc}\left( \frac{\delta_{W}\sqrt{N}}{\sqrt{2\left( {A^{2} + B^{2} + {A^{2}B^{2}}} \right)}} \right)} < \mspace{56mu}{\frac{1}{2}{\exp\left( {- \frac{\delta_{W}^{2}N}{2\left( {A^{2} + B^{2} + {A^{2}B^{2}}} \right)}} \right)}}}} & (3)\end{matrix}$

We note that if ρ² _(gW)=½, then ε₁ is also the probability of falsenegatives (i.e., the probability of a WMD not detecting a marked objectthat was not attacked.)

From the result above, the object size N required to achieve a given ε₁is

$\begin{matrix}{N = {\frac{2\left\lbrack {A^{2} + {B^{2}\left( {1 + A^{2}} \right)}} \right\rbrack}{\delta_{W}^{2}}\left\lbrack {{erf}^{- 1}\left( {1 - {2ɛ_{1}}} \right)} \right\rbrack}^{2}} & (4)\end{matrix}$

By combining the result above with that in Lemma 3, we conclude that thecollusion size K grows linearly with object size N (i.e., K˜O(N)). Morespecifically:

$\begin{matrix}{K = {N{\frac{\delta_{W}^{2}}{1 + A^{2}}\left\lbrack \frac{{erf}^{- 1}\left( \frac{1 - \vartheta}{\beta} \right)}{{erf}^{- 1}\left( {1 - {2ɛ_{1}}} \right)} \right\rbrack}^{2}}} & (5)\end{matrix}$

Equation 5 allows for quick computation of the object size N necessaryto achieve any desired collusion resistance K.

Fingerprint Detection

Fingerprint detection (such as by fingerprint detector (FPD) 130 ofFIG. 1) has less noise in its correlation output. Therefore, it shouldbe able to identify the indices i corresponding all the WDKs h_(i) usedin the collusion by the attacker, even if the collusion size K is largeenough to fool all clients, as computed above.

The FPD knows the marked content y, the attacked version ŷ, and thewatermark carriers c_(i). It computes the correlation d_(F)=(ŷ−y)·c_(i),and decides that the ith client participated in the collusion ifd_(F)>δ_(F). Assuming the attack model of discussed previously, ŷ=y−βv,the FPD output can be written as:d _(F)(ŷ−y)·c _(i)=β(v·c_(i))=E[d _(F) ]+g _(F)   (6)

where g_(F) is the zero-mean FPD correlation noise. The most criticalerror for the FPD is a false positive (i.e., incriminating a WDK i thatdid not participate in the collusion). The probability ε₃ of that erroris given, for an object of size N, by:

$\begin{matrix}{ɛ_{3} = {{\frac{1}{2}{{erfc}\left( \frac{\delta_{F}\sqrt{N}}{\sqrt{2}\beta\; B} \right)}} < {\frac{1}{2}{\exp\left( {- \frac{\delta_{F}^{2}N}{2\beta^{2}B^{2}}} \right)}}}} & (7)\end{matrix}$

As expected, ε₃<<ε₁ (usually by several orders of magnitude), since theargument in erfc(·) for ε₃ is approximately (Aδ_(F))/(βδ_(W)) timeslarger than the argument in erfc(·) for ε₁. Thus, by choosing B and Nfor a sufficiently low ε₁, a negligibly low probability ε₃ of falsepositives in the FPD is achieved.

To compute the detection performance of the FPD, its expected outputshould be determined when a carrier c_(i) is correlated such that h_(i)was part of the collusion. It can be seen that E[d_(F)]=βE[z_(j)],where:

$\begin{matrix}{{z_{j} = {{v_{j}c_{ij}} = {{{sign}\left\lbrack s_{j} \right\rbrack}\mspace{11mu} c_{ij}}}},{{{with}\mspace{14mu} s_{j}} = {w_{j} + b_{j}}},{{{and}\mspace{14mu} b_{j}} = {\frac{1}{K}{\sum\limits_{m = 1}^{K}c_{mj}}}}} & (8)\end{matrix}$

Thus, a collusion of size K produces:

$\begin{matrix}{{E\left\lbrack d_{F} \right\rbrack} = {\beta\frac{B}{\sqrt{K}}\sqrt{\frac{2}{\pi}}{\exp\left( {- \frac{K}{2B^{2}}} \right)}}} & (9)\end{matrix}$

Given the expected FPD output, δ_(F)=E[d_(F)]/2, which determines theprobability η of false negatives (i.e., the probability that a key indexi in the collusion will not be detected). An object of size N produces:

$\begin{matrix}{\eta = {\frac{1}{2}{{erfc}\left( \frac{\left( {{E\left\lbrack d_{F} \right\rbrack} - \delta_{F}} \right)\sqrt{N}}{\sqrt{2}\beta\; B} \right)}}} & (10)\end{matrix}$

From the results above, it can be computed that the object size Nnecessary to achieve a desired probability η of false negatives in theFPD. For simplicity, assume that the FPD threshold is set in the middle(i.e., δ_(F)=E[d_(F)]/2). The minimum collusion size (as discussedabove) is K=2B²μ², where mu=erf[β⁻¹(1−θ)] is fixed for a fixed attackefficiency (i.e., a fixed θ). Therefore, as B increases, the attackerhas to increase K proportionally to B². The object size N required toachieve a given η is

$\begin{matrix}{N = {K{\frac{\pi}{2}\left\lbrack {{erf}^{- 1}\mspace{11mu}\left( {1 - {2\eta}} \right){\exp\left( \mu^{2} \right)}} \right\rbrack}^{2}}} & (11)\end{matrix}$Segmentation

In the exemplary collusion resister, watermarks protect the content andfingerprints enable the content owner to identify a clique of clientsthat launched an attack to remove the watermark. This unique property ofthe implementation of the present invention provides an avenue to addmultiple watermarks in the object (i.e., digital good) and enforce theadversary to create cliques independently for each watermark.

More formally, the exemplary collusion resister divides the protectedobject into S segments (S_(s), s=1 . . . S) and watermark each of themwith a distinct spread spectrum sequence (w_(s), s=1 . . . S). Per eachsegment S_(s), the exemplary collusion resister uses m distinct WDKs(h_(i) ^([s]), i=1 . . . m). Each client gets a single WDK h_(i) ^([s])that corresponds to exactly one segment. Alternatively, it maycorrespond to multiple segments.

With this segmentation implementation, a protected object may bedefeated if watermarks are removed from all segments, while nofingerprints are introduced in the process. The collusion-resistanceκ_(s) of this segmentation implementation with S segments equals theexpected number of clients needed to use their WDKs in S collusioncliques (a clique per segment) to defeat this segmentationimplementation.

The probability q is the probability that after distributing κ_(s) keysinto segments, no segment contains less than K keys. Assume: S>>1, K isa relatively small constant, and

$\frac{\kappa_{s}}{S\; K} ⪢ 1.$Then: κ_(s)=S[1n(S)−1n(2∈₄)] then q>1−∈₄.

Collectively, the key generation entity 110 and marker 120 of FIG. 1perform the segmentation. Rather than redundantly embedding the samewatermark in the media signal x, the key generation entity 110 andmarker 120 embeds a watermark in each segment of the signal that areindependent of the watermarks in other segments. Also, the keygeneration entity 110 generates a set of unique WDKs for each segment;whereas each WDK is associated only with the watermark embedded in thecorresponding segment.

Of course, segments may be repeated within the signal. Therefore, whenreference is made to “each” segment having unique or independentproperties, this refers to unrepeated segments.

How Many Segments Per Object?

Since collusion resistance within a single segment is K˜N, whereN=N_(O)/S is the length of the segment, and collusion resistanceachieved over S segments is κ_(s)=S 1n(S) for small K, then theobjective is to have as short as possible segments in order to: (i)maximize overall collusion resistance κ_(s) and (ii) reduce the storagespace for a single WDK H_(i).

On the other hand, due to security measures for hiding w within awatermark carrier c_(i), there exists a lower bound on the watermarkcarrier amplitude B, commonly set to B≧A. Selection of B uniquelyidentifies the segment length N with respect to a desired probability ofa false alarm ε₁ under the optimal sign (mean(h)) attack. Such a setupdirectly impacts the maximal collusion size per segment K and maximalefficacy of the adversary in guessing SWK bits 1−ε₂. It also traces theguidelines for FPD detection performance ε₃ and η.

Key Compression

The exemplary collusion resister requires a relatively large storagespace for the detection keys. Generally, it is quite difficult tocompress the sum of two independent pseudo-random sequences, such thatit is hard to infer the individual sequences. However, the exemplarycollusion resister has a need to independently create pseudo-random keys(e.g., SWK w and watermark carrier c_(i)) in a secure environment, butstore their sum (e.g., WDK h_(i)) in an insecure environment (e.g., on aclient). Furthermore, this needs to be done so that the individual keyscannot be inferred from the sum.

Generally, a detection key (e.g., WDK h_(i)) may be about the size ofthe digital good itself. For realistic loads, the length of thedetection key may be in the order of 10⁵ bytes, which may be too muchdata for certain embedded devices.

Above, it was described that the WDK of client i is created ash_(i)=c_(i)+w, where c_(i) and w are mutually independent. Instead, theexemplary collusion resister can generate the watermark detection keyfrom a short seed using any standard cryptographically securepseudo-random key generator, and per chosen w do sieving and select onlythose seeds for which the resulting long sequence (denoted as s) has theproperty that s·w≧1, thus, inferring h_(i)=s. The deviation of s·w isroughly σ*=B√{square root over (N_(o))}, so the probability for arandomly chosen seed to meet this criterion is

$ɛ^{*} = {\frac{1}{2}{{{erfc}\left( {N_{O}/\left( {B\sqrt{2}} \right)} \right)}.}}$

FIG. 1 shows an h_(i) (individualized WDK) estimator 118 of the keygeneration entity 110 in FIG. 1. It generates a short-key estimation(s_(i)) for the individualized WDK (h_(i)). Consequently, s_(i)≈h_(i).In other words, the short-key estimation (s_(i)) of the individualizedWDK is approximately equal to the individualized WDK (h_(i)).

Alternative Key Compression

The exemplary collusion resister may generate the key from a short seedusing any standard cryptographically secure pseudorandom key generator,and per a chosen w do sieving and “pick” only those seeds for which theresulting long sequence (call it s) has the property that s·w>2n/3, say(recall that it must be bigger than the detection threshold δ₁=n/2).

The deviation of s·w is σ*=n^(1/2)B/2, so the probability for a randomlychosen seed to meet this criteria is ε*<exp(−u²/2), where uσ*=2n/3. So,ε*<exp(−n/B²). This may not be sufficient for a whole object (n=10⁶).

However, the exemplary collusion resister may do a piecewise generationby breaking the whole sequence into sub-sequences of size say n′=20B²elements, where each element is half a byte. So the length of eachsubsequence is 4n′ bits. The exemplary collusion resister may try on theaverage exp(u²/2) seeds until a good one (about a million in the aboveexample) is found. Typically, this is done once per client.

If the exemplary collusion resister uses a random access PRNG, it mayjump on the average exp(u²/2) phases until a good one is found. Apointer of this magnitude has log exp(u²/2)=n′/B² bits, so thecompression ratio is 4B² For example, for B=10, the exemplary collusionresister get compression ratio of 400. If n=10⁶, then a detection key isa size 10 K byte per client.

This key can be stored on a smart card, for example. The key is good fora multitude of different goods (e.g., 800 movies) (the error probabilityin estimating w by averaging k movies is exp(−k/(8A²)).

Methodological Implementation of the Exemplary Collusion Resister

FIGS. 2-4 show methodological implementations of the exemplary collusionresister performed by the collusion-resistant architecture 100 (or someportion thereof). These methodological implementations may be performedin software, hardware, or a combination thereof.

FIG. 2 shows methodological implementation of the exemplary collusionresister performed by, for example, the key generation entity 110 andmarker 120 of the collusion-resistant architecture 100.

At 210 of FIG. 2, the exemplary collusion resister generates apseudorandom watermark w for embedding into a media signal x (i.e., adigital good).

At 212, it generates an individual pseudorandom watermark carrier c_(i)where the carrier and the watermark are based on different seeds. Inother words, one is not inferred from the other. Each carrier isassociated with an individual client (e.g., person, business, company,detector hardware, detector software, etc.). The carriers are stored ina carrier matrix (C) and each entry in that matrix is associated with anindividual client.

At 214, an individualized watermark detection key (WDK h_(i)) isgenerated by combining the watermark and an individual watermarkcarrier. Consequently, each individualized WDKs is associated with anindividual client. At 216, the exemplary collusion resister produces ashort-key estimation (s_(i)) of the individualized WDKs.

At 218 of FIG. 2, the media signal x is marked to produce a marked mediasignal y. In other words, y=x+w. At 220, the marked signal isdistributed. The process ends at 222.

NOTE: No fingerprint is embedded into the media signal. Unlike classicfingerprinting, no fingerprint code is embedded into the signal. TheWDKs are not embedded into the signal. The watermark carriers are notembedded into the signal. The marked signal includes the watermark, butit does not include a fingerprint.

However, since the individualized WDKs are generated in part by thewatermarks, then only those clients having a particularly associatedindividualized WDK can access (detect, modify, etc.) the particularlyassociated watermark in the marked signal.

If no segmentation is employed, then these blocks 210-222 are repeatedfor each copy of a digital good. Each copy is associated with a specificclient. That specific client is associated with the individualized WDKfor that specific copy.

If segmentation is employed, then blocks 210-218 are repeated for eachsegment of the media signal x. Each segment has its own watermarkembedded therein. Consequently, each segment also has an individualizedWDK associated with it. If segmentation is employed, then the copy ofthe marked signal distributed in block 220 may be an identical foreveryone. This is because clients can only access (detect, modify, etc.)watermarks in their associated segment.

FIG. 3 shows methodological implementation of the exemplary collusionresister performed by, for example, the watermark detector 140 of thecollusion-resistant architecture 100.

Since watermark detection is typically done in an insecure environment,it has no access to the original unmarked signal (x), the originalmarked media signal (y), carrier index (C), and the like. Typically,watermark detection is performed in “real-time” by detectors (e.g.,desktop hardware and/or software) with pedestrian computing power.

At 310 of FIG. 3, the exemplary collusion resister obtains a subjectmedia signal. It is not known whether this signal has been modified ornot. At 312, the individualized WDK associated with a specific client isobtained. The individualized WDK may be hardwired, it may be infirmware, it may be stored in a memory, or the like. It may be encryptedor hidden. Regardless of where the individualized WDK is obtained, itdoes not come from the subject media signal. The exemplary collusionresister does not obtain the individualized WDK from the signal that itis examining.

At 314, it determines whether a watermark exists in the subject mediasignal using the individualized WDK associated with the specific client.At 316, it indicates the results of such determination.

At 318, it indicates whether a watermark in the subject signal issuspected of being modified. If so, that may trigger the fingerprintdetection (see FIG. 4). At 320, the process ends.

FIG. 4 shows methodological implementation of the exemplary collusionresister performed by, for example, the fingerprint detector 130 of thecollusion-resistant architecture 100.

At 410 of FIG. 4, the exemplary collusion resister obtains a mediasignal suspected of being modified. At 412, it also obtains originalmarked media signal (y). At 414, it also obtains the watermark carriers(c_(i)) for carrier index (C).

Since fingerprint detection is typically done in a secure environment,it can have access to the original marked media signal and carrier index(C). Typically, fingerprint detection is performed “offline” by powerfulcomputers with sufficient resources.

At 416 of FIG. 4, the exemplary collusion resister determines whetherthe suspected media signal to has “fingerprints” of colluders bycorrelating the watermark carrier such that an individual WDK was partof the collusion. At 418, it indicates the presences of “fingerprints”and identifies the colluders. At 420, the process end.

Exemplary Computing System and Environment

FIG. 5 illustrates an example of a suitable computing environment 900within which an exemplary collusion resister, as described herein, maybe implemented (either fully or partially). The computing environment900 may be utilized in the computer and network architectures describedherein.

The exemplary computing environment 900 is only one example of acomputing environment and is not intended to suggest any limitation asto the scope of use or functionality of the computer and networkarchitectures. Neither should the computing environment 900 beinterpreted as having any dependency or requirement relating to any oneor combination of components illustrated in the exemplary computingenvironment 900.

The exemplary collusion resister may be implemented with numerous othergeneral purpose or special purpose computing system environments orconfigurations. Examples of well known computing systems, environments,and/or configurations that may be suitable for use include, but are notlimited to, personal computers, server computers, thin clients, thickclients, hand-held or laptop devices, multiprocessor systems,microprocessor-based systems, set top boxes, programmable consumerelectronics, network PCs, minicomputers, mainframe computers,distributed computing environments that include any of the above systemsor devices, and the like.

The exemplary collusion resister may be described in the general contextof computer-executable instructions, such as program modules, beingexecuted by a computer. Generally, program modules include routines,programs, objects, components, data structures, etc. that performparticular tasks or implement particular abstract data types. Theexemplary collusion resister may also be practiced in distributedcomputing environments where tasks are performed by remote processingdevices that are linked through a communications network. In adistributed computing environment, program modules may be located inboth local and remote computer storage media including memory storagedevices.

The computing environment 900 includes a general-purpose computingdevice in the form of a computer 902. The components of computer 902 caninclude, by are not limited to, one or more processors or processingunits 904, a system memory 906, and a system bus 908 that couplesvarious system components including the processor 904 to the systemmemory 906.

The system bus 908 represents one or more of any of several types of busstructures, including a memory bus or memory controller, a peripheralbus, an accelerated graphics port, and a processor or local bus usingany of a variety of bus architectures. By way of example, sucharchitectures can include an Industry Standard Architecture (ISA) bus, aMicro Channel Architecture (MCA) bus, an Enhanced ISA (EISA) bus, aVideo Electronics Standards Association (VESA) local bus, and aPeripheral Component Interconnects (PCI) bus also known as a Mezzaninebus.

Computer 902 typically includes a variety of computer readable media.Such media can be any available media that is accessible by computer 902and includes both volatile and non-volatile media, removable andnon-removable media.

The system memory 906 includes computer readable media in the form ofvolatile memory, such as random access memory (RAM) 910, and/ornon-volatile memory, such as read only memory (ROM) 912. A basicinput/output system (BIOS) 914, containing the basic routines that helpto transfer information between elements within computer 902, such asduring start-up, is stored in ROM 912. RAM 910 typically contains dataand/or program modules that are immediately accessible to and/orpresently operated on by the processing unit 904.

Computer 902 may also include other removable/non-removable,volatile/non-volatile computer storage media. By way of example, FIG. 5illustrates a hard disk drive 916 for reading from and writing to anon-removable, non-volatile magnetic media (not shown), a magnetic diskdrive 918 for reading from and writing to a removable, non-volatilemagnetic disk 920 (e.g., a “floppy disk”), and an optical disk drive 922for reading from and/or writing to a removable, non-volatile opticaldisk 924 such as a CD-ROM, DVD-ROM, or other optical media. The harddisk drive 916, magnetic disk drive 918, and optical disk drive 922 areeach connected to the system bus 908 by one or more data mediainterfaces 925. Alternatively, the hard disk drive 916, magnetic diskdrive 918, and optical disk drive 922 can be connected to the system bus908 by one or more interfaces (not shown).

The disk drives and their associated computer-readable media providenon-volatile storage of computer readable instructions, data structures,program modules, and other data for computer 902. Although the exampleillustrates a hard disk 916, a removable magnetic disk 920, and aremovable optical disk 924, it is to be appreciated that other types ofcomputer readable media which can store data that is accessible by acomputer, such as magnetic cassettes or other magnetic storage devices,flash memory cards, CD-ROM, digital versatile disks (DVD) or otheroptical storage, random access memories (RAM), read only memories (ROM),electrically erasable programmable read-only memory (EEPROM), and thelike, can also be utilized to implement the exemplary computing systemand environment.

Any number of program modules can be stored on the hard disk 916,magnetic disk 920, optical disk 924, ROM 912, and/or RAM 910, includingby way of example, an operating system 926, one or more applicationprograms 928, other program modules 930, and program data 932. Each ofsuch operating system 926, one or more application programs 928, otherprogram modules 930, and program data 932 (or some combination thereof)may include an embodiment of a digital-good obtainer, a fingerprintdetector, a collusion indicator, a colluder identifier, a fingerprintmemory, and a watermark detector.

A user can enter commands and information into computer 902 via inputdevices such as a keyboard 934 and a pointing device 936 (e.g., a“mouse”). Other input devices 938 (not shown specifically) may include amicrophone, joystick, game pad, satellite dish, serial port, scanner,and/or the like. These and other input devices are connected to theprocessing unit 904 via input/output interfaces 940 that are coupled tothe system bus 908, but may be connected by other interface and busstructures, such as a parallel port, game port, or a universal serialbus (USB).

A monitor 942 or other type of display device can also be connected tothe system bus 908 via an interface, such as a video adapter 944. Inaddition to the monitor 942, other output peripheral devices can includecomponents such as speakers (not shown) and a printer 946 which can beconnected to computer 902 via the input/output interfaces 940.

Computer 902 can operate in a networked environment using logicalconnections to one or more remote computers, such as a remote computingdevice 948. By way of example, the remote computing device 948 can be apersonal computer, portable computer, a server, a router, a networkcomputer, a peer device or other common network node, and the like. Theremote computing device 948 is illustrated as a portable computer thatcan include many or all of the elements and features described hereinrelative to computer 902.

Logical connections between computer 902 and the remote computer 948 aredepicted as a local area network (LAN) 950 and a general wide areanetwork (WAN) 952. Such networking environments are commonplace inoffices, enterprise-wide computer networks, intranets, and the Internet.

When implemented in a LAN networking environment, the computer 902 isconnected to a local network 950 via a network interface or adapter 954.When implemented in a WAN networking environment, the computer 902typically includes a modem 956 or other means for establishingcommunications over the wide network 952. The modem 956, which can beinternal or external to computer 902, can be connected to the system bus908 via the input/output interfaces 940 or other appropriate mechanisms.It is to be appreciated that the illustrated network connections areexemplary and that other means of establishing communication link(s)between the computers 902 and 948 can be employed.

In a networked environment, such as that illustrated with computingenvironment 900, program modules depicted relative to the computer 902,or portions thereof, may be stored in a remote memory storage device. Byway of example, remote application programs 958 reside on a memorydevice of remote computer 948. For purposes of illustration, applicationprograms and other executable program components such as the operatingsystem are illustrated herein as discrete blocks, although it isrecognized that such programs and components reside at various times indifferent storage components of the computing device 902, and areexecuted by the data processor(s) of the computer.

Computer-Executable Instructions

An implementation of an exemplary collusion resister may be described inthe general context of computer-executable instructions, such as programmodules, executed by one or more computers or other devices. Generally,program modules include routines, programs, objects, components, datastructures, etc. that perform particular tasks or implement particularabstract data types. Typically, the functionality of the program modulesmay be combined or distributed as desired in various embodiments.

Exemplary Operating Environment

FIG. 5 illustrates an example of a suitable operating environment 900 inwhich an exemplary collusion resister may be implemented. Specifically,the exemplary collusion resister(s) described herein may be implemented(wholly or in part) by any program modules 928-930 and/or operatingsystem 926 in FIG. 5 or a portion thereof.

The operating environment is only an example of a suitable operatingenvironment and is not intended to suggest any limitation as to thescope or use of functionality of the exemplary collusion resister(s)described herein. Other well known computing systems, environments,and/or configurations that are suitable for use include, but are notlimited to, personal computers (PCs), server computers, hand-held orlaptop devices, multiprocessor systems, microprocessor-based systems,programmable consumer electronics, wireless phones and equipments,general- and special-purpose appliances, application-specific integratedcircuits (ASICs), network PCs, minicomputers, mainframe computers,distributed computing environments that include any of the above systemsor devices, and the like.

Computer Readable Media

An implementation of an exemplary collusion resister may be stored on ortransmitted across some form of computer readable media. Computerreadable media can be any available media that can be accessed by acomputer. By way of example, and not limitation, computer readable mediamay comprise “computer storage media” and “communications media.”

“Computer storage media” include volatile and non-volatile, removableand non-removable media implemented in any method or technology forstorage of information such as computer readable instructions, datastructures, program modules, or other data. Computer storage mediaincludes, but is not limited to, RAM, ROM, EEPROM, flash memory or othermemory technology, CD-ROM, digital versatile disks (DVD) or otheroptical storage, magnetic cassettes, magnetic tape, magnetic diskstorage or other magnetic storage devices, or any other medium which canbe used to store the desired information and which can be accessed by acomputer.

“Communication media” typically embodies computer readable instructions,data structures, program modules, or other data in a modulated datadigital good, such as carrier wave or other transport mechanism.Communication media also includes any information delivery media.

The term “modulated data signal” means a signal that has one or more ofits characteristics set or changed in such a manner as to embeddeinformation in the signal. By way of example, and not limitation,communication media includes wired media such as a wired network ordirect-wired connection, and wireless media such as acoustic, RF,infrared, and other wireless media. Combinations of any of the above arealso included within the scope of computer readable media.

CONCLUSION

Although the invention has been described in language specific tostructural features and/or methodological steps, it is to be understoodthat the invention defined in the appended claims is not necessarilylimited to the specific features or steps described. Rather, thespecific features and steps are disclosed as preferred forms ofimplementing the invention.

1. A method facilitating the protection of digital goods, the methodcomprising: generating a plurality of watermark detection keys, eachincluding a corresponding watermark carrier; marking a digital good withat least one watermark corresponding to the watermark detection keys,wherein the watermark carriers are not embedded in the digital goodduring marking with the watermark, wherein, when the watermark ismodified or removed from the digital good using one or more of thewatermark detection keys, one or more of the watermark carrierscorresponding to the one or more watermark detection keys used to modifyor remove the watermark are detected from examination of in the digitalgood; distributing the digital good as a distributed digital good;determining that the watermark in the distributed digital good has beenmodified or removed; and identifying, by a detector implemented by aprocessor executing computer-executable instructions stored incomputer-readable storage media, at least one of the watermark carriersby examination of the distributed digital good.
 2. A method as recitedin claim 1, further comprising: associating the watermark detection keyswith specific entities via the watermark carriers; and identifying thespecific entity associated with the identified at least one watermarkcarrier for determining a source of the one or more watermark detectionkeys used to modify or remove the watermark.
 3. A method as recited inclaim 1, wherein the digital good is partitioned into multiple segmentsthat each include one of the watermarks, and wherein the determiningexamines one or more segments of the multiple segments of the digitalgood.
 4. A method as recited in claim 1, wherein the determining thatthe watermark has been modified or removed includes comparing thedigital good with an originally marked version of the digital good.
 5. Amethod as recited in claim 1, wherein the digital good is selected froma group consisting of digitized images, digitized audio, digitizedvideo, digitized multimedia, software applications, and media signals.6. One or more computer-readable storage media comprisingcomputer-executable instructions executed for performing actscomprising: generating a plurality of watermark detection keys withcorresponding watermark carriers, wherein for distribution of a digitalgood, the digital good is marked with at least one watermarkcorresponding to the watermark detection keys, wherein the watermarkcarriers are not embedded in the digital good during marking with thewatermark, wherein, when the watermark is modified or removed from thedigital good using one or more of the watermark detection keys, one ormore of the watermark carriers corresponding to the one or morewatermark detection keys used to modify or remove the watermark aredetected from examination of the digital good; following distribution ofthe digital good, determining that the watermark in the digital good hasbeen modified or removed; and identifying, by a detector implemented bya processor of a computer executing the computer-executableinstructions, at least one of the watermark carriers by examination ofthe digital good when the watermark has been modified or removed.
 7. Oneor more computer-readable storage media as recited in claim 6, whereinthe watermark detection keys are compressed by producing a short keyestimation of each watermark detection key for distribution to anassigned detection entity.
 8. One or more computer-readable storagemedia as recited in claim 6, wherein the digital good is partitionedinto multiple segments that each include one of the watermarks anddetermining examines one or more segments of the multiple segments ofthe digital good.
 9. One or more computer-readable storage media asrecited in claim 6, further comprising: associating the individualizedwatermark detection keys with specific detection entities via thewatermark carriers; and identifying an associated detection entity fromthe identified at least one watermark carrier for determining a sourceof the one or more watermark detection keys used to modify or remove thewatermark.
 10. One or more storage media as recited in claim 6, whereinthe digital good is selected from a group consisting of digitizedimages, digitized audio, digitized video, digitized multimedia, softwareapplications, and media signals.
 11. A system for facilitating theprotection of digital goods, the system comprising: a digital goodhaving a watermark embedded therein; a memory configured to store one ormore watermark detection keys corresponding to the watermark, eachwatermark detection key including a corresponding watermark carrier,wherein, when the watermark is embedded in the digital good, thewatermark carriers are not embedded in the digital good, wherein, whenthe watermark is modified or removed from the digital good using one ormore of the watermark detection keys, one or more of the watermarkcarriers corresponding to the one or more watermark detection keys usedto modify or remove the watermark are detected from examination of thedigital good; a watermark detector configured to determine that theembedded watermark has been modified or removed from the digital good;and a fingerprint detector including one or more processors configuredto identify at least one of the watermark carriers from an examinationof the digital good when the watermark has been modified or removed. 12.A system as recited in claim 11, wherein the watermark detection keysare associated with specific entities via the watermark carriers, andwherein the fingerprint detector is configured to identify the specificentity associated with the identified at least one watermark carrier fordetermining a source of the one or more watermark detection keys used tomodify or remove the watermark.
 13. A system as recited in claim 11,wherein the watermark detection keys are compressed by producing a shortkey estimation of each watermark detection key for distribution toassigned detection entities.
 14. A system as recited in claim 11,wherein the digital good is selected from a group consisting ofdigitized images, digitized audio, digitized video, digitizedmultimedia, software applications, and media signals.
 15. A method forfacilitating the protection of digital goods, the method comprising:generating a plurality of individualized watermark detection keys, eachincluding a corresponding unique watermark carrier associated therewithby combining a secret watermarking key with each unique watermarkcarrier; marking a digital good by using the secret watermarking key forembedding at least one digital watermark in the digital good, whereinthe at least one digital watermark corresponds to the individualizedwatermark detection keys, wherein the watermark carriers are notembedded in the digital good during marking of the digital good byembedding the digital watermark, wherein when the digital watermark ismodified or removed from the digital good using a plurality of theindividualized watermark detection keys during a collusion attack, oneor more of the watermark carriers corresponding to the one or morewatermark detection keys used to modify or remove the watermark aredetected from examination the digital good; associating each uniquewatermark carrier to a specific detection entity, whereby each detectionentity includes a different individualized watermark detection key ableto detect the watermark using correlation-based watermark detection;distributing the digital good; detecting that the embedded digitalwatermark has been modified or removed from an attacked version of thedigital good that was distributed by comparing the attacked version ofthe digital good with an originally marked version of the digital good;recovering, by a detector implemented by a processor executingcomputer-executable instructions stored in computer-readable storagemedia an attack vector that was used in a collusion attack to modify orremove the watermark from the digital good by examination of theattacked version of the digital good in comparison with the originallymarked version of the digital good; identifying, by the detector, aplurality of the watermark carriers from correlation with the attackvector recovered from the digital good, wherein the identified watermarkcarriers correspond to a plurality of the individualized watermarkdetection keys that were used in the collusion attack on the digitalgood; and identifying, by the detector, specific detection entities asbeing associated with individualized watermark detection keys used inthe collusion attack from the identified watermark carriers.
 16. Amethod as recited in claim 15, wherein the watermark detection keys arecompressed by producing a short key estimation of each watermarkdetection key for distribution to the specific detection entities.
 17. Amethod as recited in claim 15, wherein the watermark carrier is used aspart of the corresponding individualized watermark detection keys by theassigned detection entity when detecting the digital watermark in thedigital good.
 18. A method as recited in claim 15, wherein the digitalgood is selected from a group consisting of digitized images, digitizedaudio, digitized video, digitized multimedia, software applications, andmedia signals.